Feature Name

Provers

Summary

Add basic support for some key provers, solvers, and formal methods tools.
These tools let you prove that some facts are true (given other facts) and/or model
systems using mathematics, and can be used to
greatly increase the reliability of software and hardware.

Owner

Current status

Percentage of completion: 80% (MiniSAT packaged, review request at https://bugzilla.redhat.com/show_bug.cgi?id=453701, but the reviewer is out of the country)

Detailed Description

No realistic software or hardware can be exhaustively tested;
exhaustively testing a program that adds two 64-bit numbers would take more than 10^100 years.
So for decades people have worked to develop tools that apply
mathematical techniques to prove that software and hardware does or does not do something.
These tools can also be used for other purposes where proving that something is true,
or solving for values given a large number of constraints, is important.

Here are some of these kinds of tools, along with the packages that provide them:

* Automated Theorem Provers: These take mathematical facts and attempt to prove a goal, completely automatically. Packages: prover9 and Zenon.

* Interactive Theorem Provers: These let humans take mathematical facts and attempt to prove a goal, in cases where the automated tools can't manage. Package: Coq

* Program Provers: These take software programs and break them down into verification conditions (VCs) for the above to solve. Package: Why (which can handle annotated C and Java)

* Boolean Satisfiability (SAT) solvers: These take boolean equations and solve for them; they are a basic building block for some implementations of the above. Package: MiniSAT

* Formal specification languages: These let people describe software or systems using a mathematically rigorous language, such as Z. Package: tex-zfuzz
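As an added illustration of the SAT building block described above (not code from this feature page or from MiniSAT), here is a minimal DPLL solver in Python that reads the DIMACS CNF format MiniSAT accepts; the two sample formulas are constructed for this example. MiniSAT itself adds conflict-driven clause learning and branching heuristics on top of the same basic search, which is what lets it handle the large constraint sets the description mentions.

```python
# Added illustration (not from the feature page or MiniSAT): tiny DPLL SAT solver over DIMACS CNF.

def parse_dimacs(text):
    """Return clauses as lists of ints: n means variable n, -n its negation."""
    clauses = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "cp":
            continue  # skip comments and the "p cnf <vars> <clauses>" header
        lits = [int(tok) for tok in line.split() if tok != "0"]  # 0 ends a clause
        if lits:
            clauses.append(lits)
    return clauses

def simplify(clauses, lit):
    """Make lit true: drop satisfied clauses, delete -lit; None on conflict."""
    out = []
    for clause in clauses:
        if lit in clause:
            continue
        reduced = [l for l in clause if l != -lit]
        if not reduced:
            return None  # empty clause: this partial assignment is contradictory
        out.append(reduced)
    return out

def dpll(clauses, assignment=()):
    """Return a model as a tuple of true literals, or None if unsatisfiable."""
    while True:  # unit propagation: a one-literal clause forces that literal
        unit = next((c[0] for c in clauses if len(c) == 1), None)
        if unit is None:
            break
        clauses = simplify(clauses, unit)
        if clauses is None:
            return None
        assignment += (unit,)
    if not clauses:
        return assignment  # nothing left to satisfy
    lit = clauses[0][0]  # branch: try the first open literal, then its negation
    for choice in (lit, -lit):
        reduced = simplify(clauses, choice)
        if reduced is not None:
            model = dpll(reduced, assignment + (choice,))
            if model is not None:
                return model
    return None

SAT_CNF = "p cnf 3 3\n-1 2 0\n2 3 0\n-1 -3 0\n"  # constructed sample: satisfiable
UNSAT_CNF = "p cnf 2 4\n1 2 0\n-1 2 0\n1 -2 0\n-1 -2 0\n"  # constructed sample: unsatisfiable
```

Call `dpll(parse_dimacs(SAT_CNF))` to obtain a model as a tuple of true literals; `None` means the formula is unsatisfiable, and variables absent from the tuple may take either value.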

Do not assume that you can simply point a program prover at a big existing program and start
using it effectively. Scale can be a problem, all such tools have limitations,
and these tools are only starting to become mature.
Nevertheless, for those who are interested in the technology or who wish to help it mature,
these are a great place to start.

Benefit to Fedora

This enables developers to start using these kinds of programs in a variety of circumstances.

Scope

Developers have had to package a number of programs, most of which have not been packaged before.
In some cases, we've had to address integration problems (e.g., Zenon changed its input format, but the
Why developers didn't know that).
It has no effect on those who don't wish to use these tools.

Test Plan

No special hardware or system preparation is required; simply install the packages
listed above.
Many of the tool suites include their own self-checks.
In addition, the "Why" suite can use many other tools; we have used its
"binary-search.c" example with gwhy to test integration with Zenon and Coq.

User Experience

Target users will notice that they can easily install these tools.

Dependencies

There are no special dependencies.

Contingency Plan

None necessary; revert any undesirable packages.

Documentation

Documentation on these tools is notoriously bad; some packages don't
have any documentation at all.
We have written some brief documentation in some cases, and tried to include
some documentation with the tools.
We expect this to improve in future releases.